I have the following line somewhere in the middle of my Dockerfile to retrieve an image from my private ECR.
FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401
This is the error that I get in AWS Codebuild when trying to build this:
Step 21/36 : FROM **********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************:ff03401 Get https://**********.dkr.ecr.ap-southeast-1.amazonaws.com/prod/*************/manifests/ff03401: no basic auth credentials
How can one provide these credentials in the most secure way, and in a way that can also be terraform
ed?
There are multiple ways to do it.
Using aws access and secret key. In which you set the aws credentials on the ec2 machine and run ecr login command. aws ecr get-login --no-include-email --registry-ids <some-id> --region eu-west-1
and then docker pull should work. But this is not a recommended secure way.
What I prefer is using aws iam roles.
Assuming you want to pull this image on your ec2 machine that was brought up using terraform. Make use of iam roles.
This should be enough to automatically pull docker images from ECR in a secure way.
Hope this helps.